Mailing List Archive

gpa fails to deal with my key: Invalid crypto engine
[Also posted here:
http://wald.intevation.org/forum/forum.php?thread_id=988&forum_id=27

Hello,

gpa appears to be incapable of doing anything with my key.
To demonstrate the problem, run these commands:
(src/gpa was just built from git on Fedora 15: gpa-0.9.0-15-g71cfe73)

gpg --keyring test --import \
<(wget -O - http://meyering.net/key/000BEEEE.gpg)
src/gpa --keyring=test

The main window appears, but also a "GPA Error" window, which says:

The GPGME library returned an unexpected
error. The error was:

Invalid crypto engine

This is probably a bug in GPA.
GPA will now try to recover this error.

CLOSE

When I hit the CLOSE button, that window
disappears, but it is immediately replaced by
an identical one. That means I can never (afaik)
manage to use the main window.

_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Re: gpa fails to deal with my key: Invalid crypto engine [ In reply to ]
Hi,

just a few quick comments for now:

On Sat, 3 Sep 2011 10:26, jim@meyering.net said:

> gpg --keyring test --import \
> <(wget -O - http://meyering.net/key/000BEEEE.gpg)

gpg --keyring test --fetch-key http://meyering.net/key/000BEEEE.gpg

is easier ;-)

> src/gpa --keyring=test

GPA does not support --keyring with a value. --keyring merely means to
start with the key manager.

> The GPGME library returned an unexpected
> error. The error was:

To debug this you may do

GPGME_DEBUG=9:/foo/gpgme.log src/gpa --keyring

watch out for gpg started with --version.



Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Re: gpa fails to deal with my key: Invalid crypto engine [ In reply to ]
Werner Koch wrote:
> just a few quick comments for now:
>
> On Sat, 3 Sep 2011 10:26, jim@meyering.net said:
>
>> gpg --keyring test --import \
>> <(wget -O - http://meyering.net/key/000BEEEE.gpg)
>
> gpg --keyring test --fetch-key http://meyering.net/key/000BEEEE.gpg
>
> is easier ;-)

And more portable ;-)
Thanks!

>> src/gpa --keyring=test
>
> GPA does not support --keyring with a value. --keyring merely means to
> start with the key manager.
>
>> The GPGME library returned an unexpected
>> error. The error was:
>
> To debug this you may do
>
> GPGME_DEBUG=9:/foo/gpgme.log src/gpa --keyring
>
> watch out for gpg started with --version.

Thanks.
It reports gpg2, which is gnupg2-2.0.17-1.fc15.x86_64

Here's a reproducer that imports into an empty $HOME and .gnupg directory:

#!/bin/sh
d=$(mktemp -d)
echo $d
mkdir -p $d/.gnupg
export HOME=$d

gpg --fetch-key http://meyering.net/key/000BEEEE.gpg

# Or wherever you have gpa cloned
GPGME_DEBUG=9:/foo/gpgme.log ~/w/gpa/src/gpa

Here's the full log:
Re: gpa fails to deal with my key: Invalid crypto engine [ In reply to ]
On Sun, 4 Sep 2011 10:49, jim@meyering.net said:

> Here's a reproducer that imports into an empty $HOME and .gnupg directory:
>
> #!/bin/sh
> d=$(mktemp -d)
> echo $d
> mkdir -p $d/.gnupg
> export HOME=$d

That makes X non working on my system. Thus I used GNUPGHOME for a
quick test. I found no problem with my current installation - however
this is 2.1 and not 2.0.17. I better test it on a plain amd64 box - but
not today.

> Here's the full log:

I can't spot an obvious problem. Debugging gpa might be easier for me.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Re: gpa fails to deal with my key: Invalid crypto engine [ In reply to ]
Werner Koch wrote:
> On Sun, 4 Sep 2011 10:49, jim@meyering.net said:
>
>> Here's a reproducer that imports into an empty $HOME and .gnupg directory:
>>
>> #!/bin/sh
>> d=$(mktemp -d)
>> echo $d
>> mkdir -p $d/.gnupg
>> export HOME=$d
>
> That makes X non working on my system. Thus I used GNUPGHOME for a
> quick test. I found no problem with my current installation - however
> this is 2.1 and not 2.0.17. I better test it on a plain amd64 box - but
> not today.
>
>> Here's the full log:
>
> I can't spot an obvious problem. Debugging gpa might be easier for me.

Did you manage to reproduce the failure?

I've just built gnupg using the latest of all of these from git:

gnupg
libassuan
libgpg-error
libgcrypt
libksba

(with the caveat that I had to work around a build failure due to
libgcrypt's recent removal of gcry_md_start_debug, as I've just
posted to gnupg-devel)

Even with that, I still end up with the pesky undismissable
"GPA error" dialog.

For the record, gpg2 now reports this:

$ gpg2 --version
gpg (GnuPG) 2.1.0-git0dcf517
libgcrypt 1.6.0-gitba71277

_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Re: gpa fails to deal with my key: Invalid crypto engine [ In reply to ]
On Mon, 19 Sep 2011 21:22, jim@meyering.net said:

> Did you manage to reproduce the failure?

No. I tried to reproduce but it worked (Debian Sid on x86).

> gnupg
> libassuan
> libgpg-error
> libgcrypt
> libksba

I use the same except for Libgcrypt which is 1.5.0 due to the ABI
change. But that is not the problem.
>
> Even with that, I still end up with the pesky undismissable
> "GPA error" dialog.

>From the log:

gpgme_set_protocol: enter: ctx=0x9d9600, protocol=1 (CMS)
gpgme_set_protocol: check: ctx=0x9d9600, releasing ctx->engine=0x958ae0
gpgme_set_protocol: leave
gpgme_op_keylist_start: enter: ctx=0x9d9600, pattern=(null), secret_only=1
gpgme_op_keylist_start: error: Invalid crypto engine <GPGME>

Do you have any X.509 key? I have not tested without. Let's try to set

cms_hack = 1; /* CMS is now always enabled. */

in gpa/src/gpa.c to 0.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Re: gpa fails to deal with my key: Invalid crypto engine [ In reply to ]
Werner Koch wrote:

> On Mon, 19 Sep 2011 21:22, jim@meyering.net said:
>
>> Did you manage to reproduce the failure?
>
> No. I tried to reproduce but it worked (Debian Sid on x86).
>
>> gnupg
>> libassuan
>> libgpg-error
>> libgcrypt
>> libksba
>
> I use the same except for Libgcrypt which is 1.5.0 due to the ABI
> change. But that is not the problem.
>>
>> Even with that, I still end up with the pesky undismissable
>> "GPA error" dialog.
>
>>From the log:
>
> gpgme_set_protocol: enter: ctx=0x9d9600, protocol=1 (CMS)
> gpgme_set_protocol: check: ctx=0x9d9600, releasing ctx->engine=0x958ae0
> gpgme_set_protocol: leave
> gpgme_op_keylist_start: enter: ctx=0x9d9600, pattern=(null), secret_only=1
> gpgme_op_keylist_start: error: Invalid crypto engine <GPGME>
>
> Do you have any X.509 key?

No.

That you always use one makes me wonder.
Would you recommend doing so, in general?

> I have not tested without. Let's try to set
>
> cms_hack = 1; /* CMS is now always enabled. */
>
> in gpa/src/gpa.c to 0.

I made that change, recompiled gpa, and now it works.
Thanks!

_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Re: gpa fails to deal with my key: Invalid crypto engine [ In reply to ]
On Tue, 20 Sep 2011 10:38, jim@meyering.net said:

> That you always use one makes me wonder.

I don't use it really. However I have a couple of test keys and I also
store SSL server keys with gpgsm.

> Would you recommend doing so, in general?

No.

> I made that change, recompiled gpa, and now it works.
> Thanks!

I'll look into this. This is probably a long standing bug.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Re: gpa fails to deal with my key: Invalid crypto engine [ In reply to ]
On Tue, 20 Sep 2011 11:46, wk@gnupg.org said:

> I'll look into this. This is probably a long standing bug.

Fixed.


Detect a uninstalled GPGSM

Without GPGSM being installed we ran into an endless loop of warning
about invalid engines. With this change we detect it and disable the
X.509 support. Also added an option to disable X.509 on the command
line or via the conf file.



Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev
Re: gpa fails to deal with my key: Invalid crypto engine [ In reply to ]
Werner Koch wrote:
> On Tue, 20 Sep 2011 11:46, wk@gnupg.org said:
>
>> I'll look into this. This is probably a long standing bug.
>
> Fixed.
>
>
> Detect a uninstalled GPGSM
>
> Without GPGSM being installed we ran into an endless loop of warning
> about invalid engines. With this change we detect it and disable the
> X.509 support. Also added an option to disable X.509 on the command
> line or via the conf file.

Quick service. Thank you!

_______________________________________________
Gpa-dev mailing list
Gpa-dev@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gpa-dev